Xenforo 1.5 RCE
#1
XenForo 1.5.x Remote Code Execution, does anyone have a POC for this or know how to exploit it?
#2
(08-04-2017, 08:25 PM)ShadowArion4384 Wrote:  XenForo 1.5.x Remote Code Execution, does anyone have a POC for this or know how to exploit it?

pretty sure that shit is private
#3
Where did you find this "XenForo 1.5.x Remote Code Execution"?
#4
I researched the exploit and it seems Xenforo was indeed affected by a Remote Code Execution vulnerability, but it requires Admin privileges to successfully exploit, which is a bummer.

Code:
public static function getWithFallback($index, $callback, array $args = array())
{
    if (self::isRegistered($index))
    {
        return self::get($index);
    }
    else
    {
        $result = call_user_func_array($callback, $args);
        self::set($index, $result);
        return $result;
    }
}

This code was posted in a discussion and you can read more about the security fix and reverse engineer the patch.

Refer - https://xenforo.com/community/threads/xe...ix.120218/
#5
Are you referring to http://0day.today/exploit/26532?

There doesn't appear to have been a patch released for Xenforo on the day that the author claims, and Xenforo denies the existence of the exploit.

Some Xenforo Developer Wrote: We know of this report, and have done since it was "disclosed", but as far as we can ascertain the report is a hoax.
Some Xenforo Developer Wrote: To be 100% clear, if such a vulnerability (and our track record so far will confirm this) is ever reported, we would release a security patch for as many previous XF versions as is practicable and when we announce that update it would be made 100% clear that it is security related and we would disclose what the vulnerability was and who disclosed it to us. None of our vulnerabilities so far have been anywhere near as severe as a remote code execution type vulnerability, and have actually been very minor. Following the process I just mentioned for reporting such a vulnerability that was as severe as an RCE would be even more important to us. We'd have nothing to gain by not being honest and open about such a vulnerability.
https://theadminzone.com/threads/did-xen...st-1088170

(08-08-2017, 12:26 PM)dbcracker Wrote:  I researched the exploit and it seems Xenforo was indeed affected by a Remote Code Execution vulnerability, but it requires Admin privileges to successfully exploit, which is a bummer.

This code was posted in a discussion and you can read more about the security fix and reverse engineer the patch.

Refer - https://xenforo.com/community/threads/xe...ix.120218/

This patch is for an SSRF vulnerability, not RCE.

The RCE vulnerability that requires admin privileges that dbcracker is referring to is referenced here: https://hackforums.net/showthread.php?tid=5520863 and is discussed, somewhat, in the theadminzone thread (see link above).

Regarding that code snippet:
Some Xenforo Developer Wrote: The getWithFallback method isn't actually used within XF at all so I'm not sure how that could be exploited... Also not totally sure why it's there at all in that case, but we'll look into it.

So, that code snippet was likely posted as a troll on the hackforums thread.

Maybe the RCE that requires admin privileges exists, but it doesn't seem to have been disclosed (if it even existed at all, which it may not have, given the source is hackforums).

There is, however, a recent XSS vulnerability that requires admin privileges: http://zeroday.insecurity.zone/exploits/xenforo_xss.txt